Skip to content Skip to site navigation

Advanced Information and Commands

To increase security and reduce risk, Stanford is sunsetting its WebAFS service that is used to upload and download files to AFS.

To optimize AFS and make sure it is serving its intended functions, UIT has also taken these actions:

  • UIT no longer automatically provisions new faculty and staff members with AFS user volumes. New faculty or staff who need a personal user volume must submit a Help request.
    • This change does not impact existing AFS directories or the process for adding permissions for new individuals to those existing directories. Your existing space and everything in it remains intact.
    • This change does not impact the auto-provisioning of new AFS user volumes for students and postdocs.

​Class volumes do not expire and are kept indefinitely. This is an official academic policy, and any change to this policy must be considered by the Faculty Senate.


This page contains advanced AFS commands and the options you can use with them, plus examples on how to use some of them.

fs --- File Commands

fs apropos search by help text
fs checkservers check local cell's servers
fs checkvolumes check volumeID/name mappings
fs cleanacl clean up access control list
fs copyacl copy access control list
fs debug set debugging info
fs diskfree show server disk space usage
fs examine display volume status
fs exportafs enable/disable translators to AFS
fs flush flush file from cache
fs flushvolume flush all data in volume
fs getcacheparms get cache usage info
fs getcellstatus get cell status
fs getserverprefs get file server ranks
fs help get help on commands
fs listacl list access control list
fs listcells list configured cells
fs listquota list volume quota
fs lsmount list mount point
fs messages control Cache Manager messages
fs mkmount make mount point
fs monitor set cache monitor host address
fs newcell configure new cell
fs quota show volume quota usage
fs rmmount remove mount point
fs setacl set access control list
fs setcachesize set cache size
fs setcell set cell status
fs setquota set volume quota
fs setserverprefs set file server ranks
fs setvol set volume status
fs sysname get/set sysname (i.e. @sys) value
fs whereis list file's location
fs whichcell list file's cell
fs wscell list workstation's cell


Some fairly useful commands:

  • Check which servers are down: fs checkservers
  • Obtaining the Cache Size: fs getcacheparms
  • Flushing Files: fs flush filename
  • Brief Volume Information: fs lq path
  • Find Volume Information: fs whereis path

pts --- Group Commands

pts adduser add a user to a group
pts apropos search by help text
pts chown change ownership of a group
pts creategroup create a new group
pts createuser create a new user
pts delete delete a user or group from database
pts examine examine an entry
pts help get help on commands
pts listmax list max id
pts listowned list groups owned by an entry or zero id gets orphaned groups
pts membership list membership of a user or group
pts removeuser remove a user from a group
pts rename rename user or group
pts setfields set fields for an entry
pts setmax set max id

vos --- Server Commands

vos addsite add a replication site
vos apropos search by help text
vos backup make backup of a volume
vos backupsys en masse backups
vos changeaddr change the IP address of a file server
vos create create a new volume
vos delentry delete VLDB entry for a volume
vos dump dump a volume
vos examine everything about the volume
vos help get help on commands
vos listpart list partitions
vos listvldb list volumes in the VLDB
vos listvol list volumes on server (bypass VLDB)
vos lock lock VLDB entry for a volume
vos move move a volume
vos partinfo list partition information
vos release release a volume
vos remove delete a volume
vos remsite remove a replication site
vos rename rename a volume
vos restore restore a volume
vos status report on volser status
vos syncserv synchronize server with VLDB
vos syncvldb synchronize VLDB with server
vos unlock release lock on VLDB entry for a volume
vos unlockvldb unlock all the locked entries in the VLDB
vos zap delete the volume, don't bother with VLDB


Some fairly useful commands:

  • Listing Volume Attributes: vos examine [volume], i.e. vos examine user.frank or even vos examine user. frank.backup
  • Listing Partition Info: vos partinfo
  • Volume Info: vos examine sun4c_411.pubsw.bin
    (after finding the exactly name from fs lq /usr/pubsw/bin

kas --- System Administration Commands

kas apropos search by help text
kas create create an entry for a user
kas debuginfo show debugging info from AuthServer
kas delete delete a user
kas examine examine the entry for a user
kas forgetticket delete ticket for a specific server
kas getpassword get a user's password
kas getrandomkey get a random key
kas getticket get a ticket for a specific server
kas help get help on commands
kas interactive enter interactive mode
kas list list all users in database
kas listtickets show all cache manager tickets
kas noauthentication connect to AuthServer w/o using token
kas quit exit program
kas setfields set various fields in a user's entry
kas setkey set a user's key
kas setpassword set a user's password
kas statistics show statistics for AuthServer
kas stringtokey convert a string to a key
kas unlock Enable authentication ID after max failed attempts exceeded

More file permissions

The files contained within your AFS home directory use both AFS and Unix file permissions. The only Unix (NFS) permissions which are still applicable under AFS, however, are permissions for the user. Unix permissions on directories are not used.

value -- permission code
400 -- r (Read)
Allows user with AFS read access (rl) to the directory to read or copy the file.
200 -- w (Write)
Allows user with AFS write access (wl) to modify or overwrite a file. Does NOT determine whether a user can delete the file, however. AFS delete (d) permission on the directory does that.
100 -- x (Execute)
Allows user with AFS read access (rl) to execute the file

For example, to give read and execute permission to a file named [filename], type either of the following:
chmod 500 [filename]
chmod u+rx [filename]

The first command uses the numeric code (read + execute = 400 + 100 = 500); the second command uses the letter code (user plus read execute).

For more info on Unix permissions, read the man page for chmod (type "man chmod") and ls. The command "ls -l" will display the Unix permissions for the files. The command "fs la" will display the AFS permissions for the files. They are not the same thing.

Mounting volumes to recover files

Between midnight and 3 AM each night, a backup image of your account is made. If you delete or modify a file in an AFS volume, you may be able to retrieve the file if it existed when the backup image was made. NOTE: Under most circumstances, you should be able to just go into your .backup directory and copy whatever file you need from there directly, without going through the following steps. However, sometimes the volume containing the backup is not mounted. If this is the case, the command:

fs mkmount ~/.backup user.$USER.backup

will mount your backup volume in the directory named .backup in your home directory. You can use a name other ~/.backup if you want. To unmount the volume, type:

fs rmmount ~/.backup

You don't need to unmount it: files in .backup do not count against your disk quota usage.

The backup volume (user.$USER.backup) is a read-only copy of your account. You cannot remove or alter files in the backup volume, and file changes made after the last backup but before the next backup are not available. To restore a file, you must copy the file from the backup volume to your account.

Suppose you delete the file ~/Mail/incoming. The following commands may recover it (assuming you have sufficient quota and you do it in time):

fs mkmount ~/.backup user.$USER.backup
cp ~/.backup/Mail/incoming ~/Mail/incoming.bak
fs rmmount ~/.backup

The recovered file would be named incoming.bak in the Mail directory.


Maintaining groups -- Using the pts command

One neat thing about AFS is that you can create your own groups and grant permissions for individual AFS usernames. To be in a group or individually listed in an ACL, a person needs to have a SUNet ID.

The command pts and its suite of subcommands allows you to create your own groups. Suppose your SUNet ID was "sunetid". Here is a list of common pts commands:

Creates a private group named sunetid:groupname
pts creategroup sunetid:groupname

Adds a user to the group sunetid:groupname (you must own the group)
pts adduser [username] sunetid:groupname

Remove user from the group sunetid:groupname
pts removeuser [username] sunetid:groupname

Delete the group sunetid:groupname from existence
pts delete sunetid:groupname

For a given directory, you can add a group to the acl. For example:
fs sa project sunetid:project read

pts Help, Shortcuts, And Tidbits

As expected, the pts commands have help options and abbreviations. See the man page for pts. You can also type:

pts help lists pts commands
pts [subcommand] -help lists syntax for pts subcommand

Other useful pts commands are:

pts membership [groupname] lists members of the group [groupname]
pts listowned <sunetid> lists groups owned by the user <sunetid>

File system layout

Paths in AFS

  • /afs - base of AFS file system
  • /afs/ (/afs/ir) - base of our cell
  • /afs/ir/pubsw - campus software packages
  • /afs/ir/systems - OS mount points
  • /afs/ir/class - academic file space
  • /afs/ir/group - organization file space
  • /afs/ir/users - personal account space


$ cardinal1:~ > ls /usr/pubsw

X@ apps/ etc/ include/ man@ share@
X11R5/ bin/ examples@ info@ package/ src@
X11R6/ doc@ help/ lib/ sbin/

$ ls /usr/pubsw/package

00README File/ Licensed/ NOTES/ Shells/ Web/
Development/ Fonts/ Local/ Network/ Site/ X/
Dicts/ Games/ Mail/ News/ Sound/ local@
Doc/ Graphics/ Math/ OLD/ System/ nosupport@
Editors/ Leland/ Misc/ Security/ Text/ unfiled/


Common sysnames (@sys)

  • sun4x_58: Sun Solaris 8 (elaine, epic, saga, amy, fable, junior, tree).
  • i386_linux24: Linux 2.4 kernel (firebird, raptor, cardinal).
  • hpux_110: HP-UX 11.0 (pubsw & afs support)
  • rs_aix43: IBM AIX 4.3 (pubsw & afs support)
  • alpha_dux40: Digital Unix 4.0 (pubsw & afs support)
Last modified June 25, 2010